This user manual will instruct you on how to install your internal probe to run internal scans with Autobahn Fit's engine
Table of content
3. Installing the internal probe
4. Testing the probe for successful installation
6. Logging Autobahn Fit worker data
1. Request the internal probe
Before you begin, you need an internal probe installation file. You can get this file from your Customer Success Manager. Once you have the file, proceed with the installation on your system.
If you encounter any difficulties during the process, feel free to contact us for further assistance.
2. Whitelisting rules
The Autobahn Fit worker is deployed via a Docker image. This server hosting the docker needs to be able to reach these IP addresses to provide direct (secured) connections to Autobahn Fit:
- http://hub.docker.com:443
- auth.docker.io:443
- registry-1.docker.io:443
- http://index.docker.io/:443
- dseasb33srnrn.cloudfront.net:443
- http://production.cloudflare.docker.com/:443
- mq.app.autobahn-security.com:443
The Autobahn Fit worker is deployed via a Docker image.
Specifications:
The server hosting the docker should have at least 4 CPU cores, 8 GB RAM, 100GB HDD, and internet access.
1 - You need to have Docker installed on your system. On Ubuntu, this command installs docker:
$ sudo apt install docker.io
Ensure your user account has permission to run this command.
For more information, check out Docker: Accelerated, Containerized Application Development.
Please note that Docker installation steps may differ depending on the installed operating system. Please refer to Docker's official site for an installation tutorial based on the operating system (Install Docker Engine).
After installing Docker, please follow the post-installation step as described in Linux post-installation steps for Docker Engine.
2 - Next, ensure that your user account can start Docker containers by running these commands:
$ sudo groupadd docker
$ sudo usermod -aG docker ${USER}
At this point, you need to log out and log in again for the group change to be effective.
$ docker ps
3 - Execute the following command to extract the configuration and installation files, and to install the Autobahn Docker image.
$ unzip probe_name.zip
Replace probe_name with the name of the zip file that was given to you. This should be the name of the probe label.
Next, go to the worker.
$ cd autobahn_worker
4 - Now you need to run the Autobahn Fit worker. This worker needs to run when starting an internal scan, otherwise the scan will not start. Run the worker using the following command.
$ ./autobahn_probe.sh run
5 - The prompt will notify you that the worker is running. You can only start internal scans by running the worker (given all steps above and below have been completed).
4. Test the probe
If you are unsure whether whitelisting for the internal scan was successful, you can check this with the following command in your command prompt.
./autobahn_probe.sh network-test [target] [optional: ports] [optional: extra params]
where:
-
Target is the asset that you would like to scan
-
Ports are the specified asset ports to be scanned (if any)
-
Extra params are for any other parameters that would like to be added (if any)
Targets can either be a domain, an IP address, or a subnet. If no ports are specified, ports 22, 80, and 443 will be scanned.
Once you run this command, refer to the script output to check whether the selected targets have been whitelisted or not.
Example commands
./autobahn_probe.sh network-test '192.168.0.0/24'
--> Commands the system to do network tests to a specific subnet and default ports (22, 80, 443)
./autobahn_probe.sh network-test '192.168.0.0/24' '22,80,443,3307'
--> Commands the system to do network tests to specific subnets and specific ports
./autobahn_probe.sh network-test '192.168.0.0/24' '22,80,443,3307' '-6'
--> Commands the system to do network tests to specific subnets, and specific ports, and pass extra arguments to Nmap.
5. Create your internal scan
You have successfully installed the internal probe. You can now start internal scans by logging into your account and starting a scan.
6. Log Autobahn Fit worker data
By default, the Autobahn Fit worker container will send log data to the Autobahn Fit server for diagnostic, debugging, and troubleshooting purposes. If you do not want these logs sent, please run the command:
$ ./autobahn_probe.sh disable-log-exports
To enable sending logs, run this command:
$ ./autobahn_probe.sh enable-log-exports
In case further log data is required for troubleshooting, the command below will collect necessary logs and information from the Autobahn Fit worker and compress it to a single file:
$ ./autobahn_probe.sh collect-logs
The compressed file will be created in the same directory as the script.
7. Other useful commands
7.1. Upgrade to the latest Autobahn Fit worker version
$ ./autobahn_probe.sh run
7.2. Uninstall the Autobahn Fit worker from Docker:
$ ./autobahn_probe.sh uninstall
7.3. Perform a network test to check whether a specific domain / subnet is reachable from the server:
$ ./autobahn_probe.sh network-test
7.4. For more information on each script, run them with
./autobahn_probe.sh help